Why should you use Scorecard?

Who is a maintainer of an Open Source project?

Who thinks their project has good security practices?

We are here to help

  • Created and maintained by the OpenSSF community
  • help open source maintainers
    • improve their security best practices
  • help open source consumers
    • judge whether their dependencies are safe
  • automated tool - run checks
    • Scorecard GitHub Action
    • Scorecard REST API
    • Scorecard Badges

Checks include

  • Is the project free of checked-in binaries?
  • Does the project use Branch Protection?
  • Does the project run tests in CI?
  • Does the project practice code review before code is merged?
  • Does the project use tools to help update its dependencies?
  • Is the project at least 90 days old, and maintained?
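For consumers judging a dependency, a small policy gate over a Scorecard JSON result covering the six checks listed here. This is an added example, not part of the original slides or the Scorecard project's code; the minimum scores are an assumed local policy, the sample result is constructed, and the code assumes a result with a `checks` array of `name` and `score` entries.

```python
import json

# Scorecard check names for the six questions above, each with a minimum
# score (0-10). The minimums are an assumed local policy.
POLICY = {
    "Binary-Artifacts": 8,
    "Branch-Protection": 5,
    "CI-Tests": 5,
    "Code-Review": 5,
    "Dependency-Update-Tool": 5,
    "Maintained": 5,
}

# Constructed sample result; Scorecard reports -1 when a check is inconclusive.
SAMPLE = """{
  "repo": {"name": "github.com/example/project"},
  "score": 6.2,
  "checks": [
    {"name": "Binary-Artifacts", "score": 10},
    {"name": "Branch-Protection", "score": 3},
    {"name": "CI-Tests", "score": -1},
    {"name": "Code-Review", "score": 8},
    {"name": "Maintained", "score": 10}
  ]
}"""


def evaluate(result, policy=POLICY):
    """Return (check, status) for every policy check that does not pass."""
    scores = {c["name"]: c["score"] for c in result.get("checks", [])}
    findings = []
    for name, minimum in policy.items():
        if name not in scores:
            findings.append((name, "missing"))        # check was not run
        elif scores[name] < 0:
            findings.append((name, "inconclusive"))   # do not treat as a pass
        elif scores[name] < minimum:
            findings.append((name, "below-minimum"))
    return findings


def gate(raw_json, policy=POLICY):
    """Parse a Scorecard JSON result and return (accepted, findings)."""
    findings = evaluate(json.loads(raw_json), policy)
    return not findings, findings


if __name__ == "__main__":
    accepted, findings = gate(SAMPLE)
    print("accepted" if accepted else "rejected", findings)
```

Gating on individual checks rather than the aggregate score keeps a missing or inconclusive check from being hidden by high scores elsewhere.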

Talk to me if you wanna know more

(I got stickers 🌈)

Why you should use OpenSSF Scorecard?

By Cheuk Ting Ho
